60 apps Privacy
Whoogle screenshot thumbnail

Whoogle

Google's search results without Google's surveillance: Whoogle is a self-hosted proxy that strips the tracking and keeps the results. Your query goes from browser to your Whoogle instance, which fetches results from Google with a randomly generated User Agent and strips everything hostile before returning them: no ads or sponsored content, no third-party JavaScript or cookies, no AMP links, no URL tracking tags like utm_source, no referrer header - and Google sees your server's IP, never yours. Unlike metasearch engines that blend sources, Whoogle proxies Google exclusively, so result quality is exactly what you'd get logged out and incognito, minus the noise. A lightweight Flask app configured entirely through environment variables, it supports DuckDuckGo-style bang shortcuts, autocomplete suggestions, safe search, per-country and per-language filtering, site blocklists, and automatic rewriting of social links to privacy front-ends like Nitter and Invidious. Privacy hardening goes further: built-in Tor routing makes Google see an exit node instead of your server, HTTP/SOCKS proxy support covers other setups, and POST-based queries keep search terms out of logs. Light, dark, and fully custom CSS themes plus browser search-engine registration make it a drop-in default on desktop and mobile. Stateless, tiny, and trivial to run.

Deploy
SearXNG screenshot thumbnail

SearXNG

Up to 280 search services - Google, Bing, DuckDuckGo, Brave, Qwant, Startpage - aggregated without tracking or profiling: SearXNG is a privacy-respecting metasearch engine (AGPL-3.0, successor to Searx). Your instance queries the upstream engines on your behalf: your IP address, cookies, and search history never reach them, tracker parameters are stripped from result URLs, and an optional image proxy fetches thumbnails server-side so result pages leak nothing. It can even route outbound queries through Tor for full anonymity. Search is organized into categories - general, images, videos, news, maps, music, IT, science, files - with bang shortcuts for targeting specific engines, and every source can be enabled, disabled, or weighted per category in settings.yml. A plugin system adds calculators, hash tools, tracker removal, and unit conversions inline, and preferences (themes, safe search, languages, engine selection) persist in cookies rather than server-side accounts. The real argument for running your own instance rather than trusting a public one is control: you decide the logging policy (none), the engine mix, rate limiting, and who gets access - making it the default search backend for browsers, families, and teams that want Google-quality results without the profile.

Deploy
Radicale screenshot thumbnail

Radicale

Calendars, to-do lists, journal entries, and contacts, synced over the open CalDAV and CardDAV standards nearly every client already speaks: Radicale is a small pure-Python server that works with Thunderbird, DAVx5 on Android, Apple Calendar and Contacts, GNOME, and many more. Its defining design choice is radical simplicity: there is no database. Events live as plain .ics files and contacts as .vcf files in an ordinary folder structure, which makes backup a copy command, migration a move, and disaster recovery a matter of reading text files. The server works out of the box with no complicated setup, then grows as needed: flexible authentication (htpasswd files among other methods), per-collection authorization rules, TLS-secured connections, and a plugin system for extending storage, auth, and rights handling. Built-in limits on parallel connections, file sizes, and failed authentication attempts harden it for network exposure behind a reverse proxy. A bundled web interface handles creating and managing calendars and address books - useful since many clients cannot create collections themselves. Maintained since 2011 with 140+ contributors, GPLv3-licensed, and light enough to run on the smallest VPS or a Raspberry Pi.

Deploy
Usermemos screenshot thumbnail

Usermemos

Memos, the lightweight open-source note service from the usememos project, packaged as a containerized deployment for multi-architecture Docker hosts (x86-64 and arm64): that is Usermemos. The model is frictionless capture: no folders or titles, just a chronological stream of Markdown notes with code blocks, task lists, tables, and file attachments, organized by #hashtags pulled automatically from the text. Per-memo visibility - private, protected for logged-in users, or public - lets a single instance serve as a personal journal, a shared team log, or a public microblog simultaneously. Multi-user support with authentication makes it workable for small teams, and full REST and gRPC APIs open capture and retrieval to CLIs, bots, and automation tools. The runtime is a single Go binary with a React frontend that idles around 50 MB of memory and stores content as plain Markdown in SQLite by default, with MySQL and PostgreSQL available for heavier deployments. Configuration happens through environment variables, access works over HTTP or HTTPS behind a reverse proxy, and there is no telemetry - notes stay on your server in a portable format.

Deploy
Vaultwarden screenshot thumbnail

Vaultwarden

The Bitwarden server, reimplemented in Rust: Vaultwarden (formerly bitwarden_rs) is the unofficial lightweight edition. It speaks the same wire protocol as the official server, so every official Bitwarden client - browser extensions, iOS, Android, desktop, and the bw CLI - connects without modification, while the server itself runs as a single container against SQLite (or MySQL/MariaDB/PostgreSQL) instead of the official multi-container stack that wants gigabytes of RAM. Features Bitwarden gates behind paid tiers ship free: organizations with collections, groups, member roles, and policies; TOTP code storage; file attachments; Bitwarden Send; Emergency Access; event logs; and admin password reset. Two-factor options cover authenticator apps, email, FIDO2 WebAuthn, YubiKey, and Duo, and OIDC-based SSO landed natively in v1.35.0. Zero-knowledge encryption is unchanged - vault data is encrypted client-side and the master password never reaches the server. Attachments and Sends store on local disk or S3-compatible backends, an admin panel manages users and server settings, and backup is copying one data directory. Suited to individuals and teams up to roughly 50 users.

Deploy
Passbolt screenshot thumbnail

Passbolt

Security-conscious IT departments pick Passbolt for its cryptography: every user holds an OpenPGP key pair, and shared credentials are encrypted individually to each recipient's public key - real end-to-end encryption, not a vault password handed around. All crypto runs client-side in the mandatory browser extension (distributed and signed through the Chrome and Firefox stores, deliberately separating the crypto code from the server that stores ciphertext); private keys and passphrases never touch your instance, and the server admin cannot read a single secret. Authentication uses the challenge-based GpgAuth protocol, secrets are digitally signed to verify sender integrity, and metadata encryption extends protection to resource names and URLs. Day to day it behaves like a polished commercial manager: auto-fill and auto-save in forms, strong password generation, anti-phishing protection, TOTP storage, folder hierarchies shared per-user or per-group with fine-grained permissions and instant cryptographic revocation. Native iOS, Android, and desktop apps ship alongside a JSON API, CLI, and SDKs for CI/CD secret retrieval and rotation. The PHP server runs on MariaDB and is AGPL-licensed open source - including the paid tiers' codebase - with published security audits.

Deploy
KeeWeb screenshot thumbnail

KeeWeb

Your KeePass vaults, opened from any browser: KeeWeb reads, edits, and creates standard KDBX files, so it works with the same databases as KeePass and KeePassXC without conversion or lock-in. Self-hosting the web app gives you a password manager reachable from any modern browser, including mobile, with no client installation and no third-party cloud in the loop. All KDBX cryptography runs client-side; the server just serves the static app. Open multiple vault files simultaneously and search them all from one box, with advanced options covering specific fields, password history, and regular expressions. Vaults load from local files, your own server (WebDAV), or Dropbox, Google Drive, and OneDrive, with automatic sync - and files are cached for offline use, so a dropped connection never locks you out; changes resync once you're back online. Day-to-day niceties include a configurable password generator, protected fields that stay masked and are held in memory more defensively, entry history, tags with easy input, drag-and-drop attachments, and per-entry icons with favicon fetching. The optional KeeWeb Connect extension (Chrome, Firefox, Edge, Safari) autofills credentials using the keepassxc-protocol. MIT-licensed with matching desktop apps for macOS, Windows, and Linux.

Deploy
It Tools screenshot thumbnail

It Tools

The utilities engineers otherwise scatter across a dozen ad-laden websites - 80+ of them - live together in IT-Tools, one fast, polished web app. Crypto covers JWT decoding, MD5 through SHA-512 hashing, HMAC and bcrypt generation, RSA key pairs, and password strength analysis. Converters handle JSON to CSV, YAML, and TOML, Base64 files, URL encoding, HTML entities, color formats, and Docker run commands to Compose files. Generators produce UUIDv4, ULID, BIP39 mnemonics, QR codes (including Wi-Fi QR), and tokens; text tools include a regex tester, diff viewer, slug and case converters; web utilities parse URLs and user agents, look up HTTP status codes and MIME types, and inspect Open Graph metadata; plus a cron parser, chmod calculator, and more. The privacy argument is the point: JWTs contain user IDs, hashes derive from passwords, JSON dumps hold PII - exactly the inputs you least want a third-party utility site to log. IT-Tools is a frontend-only static bundle (Vue/TypeScript, GPL-3.0, 39k+ GitHub stars) served by Nginx in one container, so everything runs client-side on your infrastructure with nothing transmitted anywhere. New tools ship roughly monthly, and a scaffolding script makes adding custom ones straightforward.

Deploy
Nametag screenshot thumbnail

Nametag

CRM mechanics applied to your actual relationships instead of a sales pipeline: Nametag is a Personal Relationship Manager (PRM). It exists to fix the things you keep forgetting: when you last talked to an old friend, their kids' names, the birthday you missed twice. Contacts are tracked with flexible attributes - names, birthdays, important dates, and free-form notes for everything else - and organized into custom groups. Where it goes beyond a contacts app is relationship mapping: you define how people connect to each other (family, friends, colleagues, or custom relationship types), and an interactive D3.js-powered graph renders your entire personal network so you can see clusters and connections at a glance. Staying in touch is automated: scheduled reminders fire for birthdays, important dates, and reach-out nudges, with optional email delivery via a Resend API key for password resets and reminder notifications. Built with Next.js, it is mobile-responsive, ships with full dark mode, and supports multiple languages including English and Spanish. Because it is self-hosted, there are no account tiers or contact limits - unlimited people and relationships, with every note about your personal life stored on your own server rather than a social-graph company's cloud. A lightweight, single-container deployment makes it one of the easiest personal tools to run.

Deploy
BentoPDF screenshot thumbnail

BentoPDF

Merge, split, compress, convert, edit, annotate, redact, OCR, and sign PDFs - BentoPDF packs over 130 tools into a privacy-first toolkit that runs entirely in the browser through WebAssembly. Files are never uploaded - processing happens in browser memory on the user's machine and disappears when the tab closes, which makes the tool GDPR-clean by architecture and safe for financial, legal, and internal documents. The engine combines WASM builds of PyMuPDF, Ghostscript, and CoherentPDF; Tesseract handles OCR with searchable text-layer output; Office conversions cover Word, Excel, and PowerPoint; and digital signatures use X.509 certificates (PFX/PEM) with the private key staying on the client. Because there is no server-side processing, deployment is a static-file exercise: a single Docker container, or any static host. A dedicated self-hosted build strips the marketing pages while keeping every tool, and air-gapped deployments are first-class - an automated script bundles the WASM modules, OCR language data, and fonts for fully offline networks. No accounts, no limits, no watermarks; TypeScript and Vite under the hood.

Deploy
Swetrix screenshot thumbnail

Swetrix

Traffic analytics, real-user performance monitoring, and client-side error tracking - normally three tools - in one cookieless, privacy-first dashboard: Swetrix. The Community Edition ships the same core engine as the cloud product - a NestJS API with ClickHouse for high-volume event storage, MySQL for relational data, and Redis for caching, fronted by a React dashboard and a ~5 KB tracking script with official packages for 20+ frameworks including Next.js, WordPress, and Shopify. Traffic analytics cover pageviews, referrers, UTM campaigns, geolocation, sessions with page flows, funnels, and custom events - all anonymized server-side with no cookies, no cross-device tracking, and no consent banner required for GDPR compliance. Performance monitoring records real-user metrics per pageview: TTFB, DNS and TLS timing, and render times, so regressions surface in the same place as traffic. Error tracking captures unhandled JavaScript exceptions automatically with formatted stack traces, filename/line metadata, affected browsers and pages, first/last-seen timestamps, and a resolve workflow - replacing a separate error monitoring subscription for many teams. Alerts fire to email, Slack, Telegram, Discord, or webhooks on traffic spikes, new errors, and custom events. If Plausible covers your traffic questions but you also want to know why the site broke, Swetrix answers both.

Deploy
PsiTransfer screenshot thumbnail

PsiTransfer

Upload files, get a share link, let it expire: PsiTransfer is a self-hosted WeTransfer with no accounts, no logins, and no third-party cloud with size caps and metadata harvesting. The engineering focus is large files over imperfect networks. Uploads use the tus.io resumable protocol, so a dropped connection on a multi-gigabyte video resumes exactly where it stopped once you're back online; downloads support HTTP range headers for the same resilience, and everything streams, so file size is bounded by your disk rather than memory. Files organize into upload buckets with retention you control: expire after a set time (up to weeks) or after a one-time download, with automatic cleanup when links lapse. Recipients need nothing installed - they open the link, preview files in modal views, and grab everything as a zip or tar.gz archive with one click. Buckets can be password-protected (AES-encrypted download lists), and security-through-obscurity is done properly: bucket URLs use hashed UUID tokens and stored filenames are replaced with UUIDs. An optional admin page (enabled by setting an admin password) lists bucket information and storage. The Vue.js frontend ships under 100 KB gzipped and is fully responsive. Honest caveat from the author: no end-to-end payload encryption yet. BSD-licensed, Docker-ready.

Deploy
Matomo screenshot thumbnail

Matomo

Several EU data protection authorities have ruled Google Analytics deployments unlawful; Matomo (formerly Piwik) is the most complete open-source replacement - a full analytics platform with 30+ report types across visitors, actions, referrers, goals, and ecommerce. The self-hosted PHP/MySQL edition is free and keeps every byte of visitor data on your infrastructure, which matters more each year: several EU data protection authorities have ruled Google Analytics deployments unlawful, while Matomo configured for cookieless tracking is approved by France's CNIL for use without a consent banner. All reporting runs on 100% unsampled data - no extrapolation at high traffic volumes. The GDPR Manager handles data subject requests and deletion, with IP anonymization, retention controls, and Do Not Track support built in. A dedicated importer pulls your historical Google Analytics data so years of trends survive the migration. Core analytics cover campaigns, custom variables and dimensions, entry/exit pages, downloads, site search, and full ecommerce tracking with a comprehensive HTTP API for reporting and ingestion. Premium plugins extend the platform into Hotjar-class behavioral tooling - click and scroll heatmaps, session recordings, conversion funnels, form analytics, A/B testing - plus a tag manager and SAML SSO. For teams that need GA-equivalent depth with actual data ownership, Matomo is the realistic drop-in replacement.

Deploy
Miniflux screenshot thumbnail

Miniflux

One statically-compiled Go binary over PostgreSQL, no ORM, no framework, static assets embedded in the executable: Miniflux is the minimalist, opinionated feed reader. The opinions are the feature: page layout, fonts, and colors are tuned for reading, and everything else is treated as noise. It consumes Atom, RSS, and JSON Feed formats with OPML import/export, organizes articles with categories and bookmarks, fetches original full-text content for summary-only feeds, and provides Postgres-powered full-text search. Privacy work happens automatically: pixel trackers are stripped, tracking parameters removed from URLs, a media proxy blocks third-party tracking, referrers are never forwarded, and there is zero telemetry. Navigation is keyboard-first - j/k through items, o to open, f to star - with touch gestures on mobile. Podcast, video, and music enclosures are supported, and YouTube videos play inline. Over 25 integrations save articles onward to Wallabag, Readwise Reader, Pinboard, Linkding, Instapaper, Notion, Telegram, Matrix, Ntfy, and more, plus webhooks and a REST API with Go and Python clients; the Google Reader API endpoint supports existing mobile reader apps. Authentication spans local passwords, passkeys (WebAuthn), Google OAuth2, OpenID Connect, and reverse-proxy headers. It is Apache 2.0 licensed, translated into 20 languages, and updates feeds on an internal scheduler.

Deploy
Monica screenshot thumbnail

Monica

Take the tool sales teams use to never forget a client detail and point it at the people who actually matter - friends, family, the colleague whose kid's name you keep blanking on: Monica is a personal CRM. It's a Laravel/PHP application over MySQL where each contact accumulates the texture of a real relationship: how you met, family members and pets, work changes, addresses, notes from conversations, activities done together, gift ideas and gifts given, even debts owed in multiple currencies. Two features set it apart from every contact app. Reminders with staying power: set per-contact intervals (weekly through yearly), get notified at 30 days, 7 days, and day-of, with automatic birthday reminders and CalDAV sync to your calendar. And a journal linked to contacts: write about dinner with friends, tag each person, and build a timeline that's part diary, part relationship log - plus a daily "how was your day" rating. Monica is deliberately manual and deliberately private: no social network features, no AI, no email scraping, no ads, no analytics - a quiet database of what you know about people you love, on your own server. Multiple vaults and users, labels, custom activity types, and document/photo uploads round it out. AGPL-licensed.

Deploy
Endurain screenshot thumbnail

Endurain

A personal Strava on your own server: Endurain is a self-hosted fitness platform that keeps your complete workout history, GPS routes, and health data out of a vendor's cloud. It ingests the standard device formats (.gpx, .tcx, and preferred .fit with full sensor data) via manual or bulk upload, and syncs directly with Strava and Garmin Connect so migrating years of history is straightforward - Garmin sync covers activities, gear, and body composition. The dashboard shows activity feeds with weekly and monthly statistics, routes on maps, and distance, speed, and training-volume trends over time, with definable goals that update automatically. Gear tracking is notably deep: log wetsuits, bicycles, shoes, racquets, skis, and snowboards, assign default gear per activity type, and track individual components like bike chains against replacement mileage. Multi-user support with admin and user roles, follower features, per-activity privacy settings, and configurable sign-up (email verification, admin approval) make it usable for clubs and coaches as well as individuals. Auth is serious for a fitness app: MFA TOTP, OIDC/SAML SSO, and email-based password resets via Apprise. The stack is Vue.js over a Python FastAPI backend with PostgreSQL, plus weight, steps, and sleep logging, imperial/metric units, multi-language support, and third-party app integration.

Deploy
Aptabase screenshot thumbnail

Aptabase

Web analytics tools ignore native mobile, desktop, and game apps; Aptabase was built for exactly those. If Firebase Analytics would force a privacy-policy footnote you don't want to write, this is the alternative - session-based metrics with no cookies, no IDFA or GAID, no device fingerprinting, and a daily-rotated salt that makes cross-day re-identification mathematically impossible. That design means GDPR, CCPA, and PECR compliance out of the box and "Data Not Collected" App Store privacy labels without ATT prompts. The SDK coverage is the widest in its category: eleven first-party libraries spanning Swift, Kotlin, Flutter, React Native, Tauri, Electron, .NET MAUI, NativeScript, Unity, Unreal Engine, and JavaScript for web - each MIT-licensed, following platform conventions, and accepting a custom host parameter that points at your instance. Integration is minutes: initialize with an app key, call trackEvent with optional properties, and the dashboard shows sessions, events, app versions, OS breakdowns, and country-level geography. The self-hosted stack is a .NET server over PostgreSQL for metadata and ClickHouse for high-volume event ingestion, giving cloud-parity features under an AGPL license. For indie iOS/Android apps, Electron and Tauri tools, and Unity or Unreal games, it replaces Firebase without the Google entanglement.

Deploy
Joplin screenshot thumbnail

Joplin

Notes on Windows, macOS, Linux, Android, iOS, and the terminal, synced through your own server: Joplin pairs its open-source clients with Joplin Server, the official self-hosted backend that replaces Dropbox, OneDrive, or Nextcloud as the synchronization target. Notes are Markdown with inline attachments (images, PDFs, audio), organized into hierarchical notebooks and sub-notebooks with cross-cutting tags, alongside to-do lists with reminders and alarms. End-to-end encryption is the headline feature: enabled in the clients, it encrypts sync payloads on-device before upload, so the server stores blobs it cannot read - genuine protection even if the host is compromised. The desktop app offers both Rich Text and Markdown editors, extended by a plugin ecosystem, custom themes, and an Extension API for writing your own scripts; a Web Clipper for Chrome and Firefox captures full pages or screenshots straight into notebooks. Joplin Server ships as a Docker image with SQLite for evaluation and PostgreSQL for production, offers a filesystem storage driver for large content, and includes multi-user support and note sharing - all free under AGPL-3.0 when self-hosted. Notes stay in an open format, so the exit path always exists.

Deploy